BadNews Trojan Is Bad News for Android Users

Mobile security company Lookout has found a new form of malware
in 32 Android apps published by four different developers.
Combined, the infected apps have been downloaded between 2
million and 9 million times.

Disguised as an advertising network to support free-to-play apps,
the new malware, which Lookout has named "BadNews," actually
pushes a well-known piece of fraud malware called AlphaSMS that
is able to gather sensitive information from the infected mobile
phone and bill the phone's user with fraudulent charges.

What makes BadNews especially harmful is that it's able to lie
dormant in its carrier apps for several weeks after download,
which helped the malware sneak past the Google Play store's
security and made it difficult to detect.

Once activated, BadNews gathers sensitive information from the
infected device and sends it to a command-and-control server. On
command from the server, the malware can also display fake news
to the device users, and prompt installation of a program that
will fraudulently charge users' accounts.

To trick users into downloading this program, the files are often
given misleading names, such as "skype_installer.apk" or
"vkontakte_intaller.apk." Vkontakte is a popular Russian social
networking app. Users download the fraudulent APKs believing they
are actually updates for these popular apps.

Rubbing salt in the wound, the BadNews malware uses its
advertising façade to promote other infected apps.

Many of the carrier apps are games or other innocuous-seeming
apps like wallpapers or recipe books. More than two-thirds of the
apps are in Russian; the rest are English.

BadNews is operated through three command-and-control
servers that Lookout has located in Russia, Ukraine and
Germany. They are currently still active, but Lookout reports it
is working to "bring them down."

Lookout Mobile Security first found the BadNews malware and
notified the Google Play store on April 19. Google promptly
removed the apps from the store and suspended the associated
developer accounts.

This doesn't necessarily mean the app developers are complicit;
Lookout points out that developers need to carefully screen any
third-party libraries they use to build their apps, as these can
be unsafe or outright malicious.

If you're worried about your Android device, you can go to
Android settings and uncheck "unknown sources" (depending on your
device, it may be under Security or Applications) to prevent
automatic and drive-by installation of unregistered software. You
can also use security software like Lookout's own to guard your phone
from malware.

On its company blog, Lookout called BadNews "a significant
development in the evolution of mobile malware" because of its
ability to escape detection by delaying activation.